Fortinet administrators must immediately reset passwords, isolate management interfaces from the internet, and enable multi-factor authentication organization-wide to reduce the risk of a coordinated credential abuse campaign.
Three vulnerabilities in Fortinet FortiSandbox (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) are being actively exploited; two were patched since April 2026, the newest only a week old.